JPS62164184A - Test program start up system - Google Patents

Abstract

PURPOSE:To surely prevent a test program from starting up improperly by providing a check circuit, and comparing the combination of bits of parallel level information based on signals having different levels inputted to plural terminals with the information stored in advance. CONSTITUTION:A check circuit 22 which checks whether the start up of the test program in an IC card is possible or not consists of level detectors 23-25, a comparator 26, and a level matrix circuit 27, and terminals, a Reset, an I/O, and a CLOCK, are connected to it. A ternary voltage signal with different levels is given to each of the terminals other than a normal signal, and is inputted to the detectors 23-25 respectively. And a combination signal of the bits of parallel level information based on input signals is inputted to a comparator 26 from the detectors 23-25, and it is compared with the combination signal of bits of parallel level information proper for a card stored at a level matrix 27 in advance. As a result, only when they are coincident, the start up of the test program is permitted, therefore, the improper start up of the test program can be surely prevented.

Description

DETAILED DESCRIPTION OF THE INVENTION [Technical Field of the Invention] The present invention relates to a test program starting method for starting a test program stored in an IC card.

[Prior art and its problems] In recent years, it has become known as the cashless era, and by using cards issued by credit card companies, it has become possible to purchase products without handling cash.

Traditionally used cards include plastic cards, embossed cards, and magnetic striped cards, but these cards are easy to inspect due to their structure.
Illegal use is a problem.

In order to solve this problem, an information card, a so-called IC card, is being considered, which has an IC circuit that stores the authentication number stored inside the card so that the authentication number cannot be easily read from the outside. .

By the way, such an IC card stores various LSIs such as a data memory and a system program ROM, but in particular, data memory addressing, writing/reading, and system program ROM are stored.
The bit pattern states of ~1 must always be maintained normally, and therefore it is necessary to be able to test these states even when the card is completed or while the card is in use.

Therefore, in conventional IC cards, a test program is stored, and this program is executed from outside the card using a test terminal provided on the card to enable a predetermined test.

However, the ability to easily perform tests from outside the card using test terminals means that highly confidential information such as the bit pattern of the system program ROM and the bit pattern of data memory can be easily retrieved to the outside. become. This not only makes it possible to forge cards based on this information, significantly reducing security, but in the worst case scenario, the technology of the entire system that uses IC cards will be analyzed and exploited on a large scale. There was a risk.

[Object of the Invention] The present invention has been made in view of the above circumstances, and it is an object of the present invention to provide a test program starting method that can reliably prevent unauthorized starting of a test program in an IC card.

[Key Points of the Invention] The test program starting method according to the present invention utilizes terminals such as Reset, I/O, and C1ock provided on the IC card, simultaneously inputs multi-value signals of different levels to these terminals, and The combination of parallel level information based on these input signals is compared with the combination of parallel level information stored in the card in advance, and the test program is allowed to start only when they match. It has become.

[Embodiments of the invention] An embodiment of the present invention will be described below with reference to the drawings.

FIG. 1 shows the circuit configuration of the same embodiment.

In the figure, 11 is a system bus, and this system bus 11 includes a data ROM 12, an application data R
An OM 13, a working RAM 14, a system program ROM 15, a test program ROM 16, a main controller 17, a data memory controller 18, a cryptographic comparator 19, and a USART circuit 20 are connected, respectively.

Here, the data ROM 12 stores all operating conditions for the IC card itself, and these condition data are stored as answer-to-reset data (not shown) in accordance with a predetermined format when the internal initialization of the card itself is completed. It is configured to be sent to the terminal side.

The application data ROM 13 contains card type data rAPNJ indicating what type of card this card is.
This data is stored in the answer to
The initial parameter setting model based on the reset data is sent in a predetermined data format when exchanging attributes with the terminal.

The working RAM 14 stores information such as internal data on the card.

The system program ROM 15 contains a code signal rAcKJ or rNA indicating whether the signal transmitted and supplied from the terminal side together with each (1 system program) is correct or not.
It is equipped with cJ. Also, this system program RO
A specific code is written in M15 for finally checking the test program starting command from the terminal.

The test program ROM 16 stores a test program for checking the bit pattern in the system program ROM 15 or accessing the data memory as a test inside the card.

The main controller 17 outputs operation commands to each circuit in accordance with the data signal transmitted and supplied from the terminal side and the operating state.

The data memory controller 18 is the main controller 1
Addressing and data writing/reading with respect to the data memory 21 are performed in response to commands from 7, and furthermore, these addressing and data writing/reading can be completely stopped.

For example, an EEP-ROM is used as the data memory 21. In this case, such data memory 25 is
AJ, rlPINJ, rPANJ, rcl-INJ, r
Information such as EPDJ and IP'RKJ codes and status data rSTJ is stored. Here, rcAJ
(Card Authenticator) is a random code used to encrypt and decrypt messages.

rlPINJ (Initialization P
personalIdentificationNu
umber) is a random code of, for example, 6 bits, which uses its own verification number rPINJ and has a lumen number r. rPANJ (Primary Account
Number) represents the account number. rcH
NJ (Card holder Name
> represents the card holder's name. rEPDJ
(Expirati.

n　Date) represents the expiration date.

IF'RKJ (Private Key Co.
de) is a decryption code. rsTJ is used to represent the current card status and is sent to the terminal side in data format.

The code comparator 19 decrypts the input data transmitted from the terminal side based on the rR8AJ algorithm, and also compares the input data with a specific code read from the system program ROM 15 if necessary. The output of this one cryptographic comparator is sent to the main controller 17.

The USART circuit 20 controls data transmission to and from the terminal.

On the other hand, 22 is a check circuit that checks whether or not the test program of the card can be started.This check circuit 22 is connected to the I10 terminal for exchanging data with the terminal when the card is attached to the terminal, and the Re5et terminal to which a reset signal is applied. cl to which a terminal and a clock signal are applied.

It has a ck terminal. And these I10 terminals,
Level detectors 23, 24, and 25 are connected to the Re5et terminal and the clock terminal, respectively. In this case, multilevel signals of different levels are applied to the I10 terminal, Re5et terminal, and clock@ child in addition to the normal signal. Specifically, as shown in FIG. 3, three-value voltages Vcc, Vl, and V2 with different potentials are used as multi-value signals with different levels.
is used. In this case, the normal combination of these ternary signals is that vcc is applied to the I10 terminal, vl is applied to the CI QCk terminal, and v2 is applied to the Re5et@child. In this state, the level detector 23 detects "O
”, level information of “2” from the level detector 24 and “1” from the level detector 25 is obtained.

The outputs of these level detectors 23, 24, 25 are
given to 6. The comparison section 26 is supplied with the output of the level matrix 27. This level matrix 2
7 has a card-specific combination of parallel level information corresponding to the combination of parallel level information from the level detectors 23.24.25. In this case, the level matrix 27 is given the above clock signal Φ.

Then, the comparison result of the comparison section 26 is the main controller 1.
Sent to 7.

Here, such a check circuit 22 will be described in more detail based on FIG. 2. Level detectors 23.24.2
5 has output terminals 01.02, respectively, and level information "0"
When the level information is "1" it outputs roOJ, when the level information is "1" it outputs "01", and when the level information is "2" it outputs "1oJ". Also, the comparator 26 to which the outputs of these level detectors 23, 24, and 25 are given is a level detector. It has three matching circuits 261, 262, 263 and a logic circuit 264 to which the outputs of the circuits 23, 24, 25 are respectively given, and these matching circuits 261, 262, 2.
63, when the coincidence output is 1q at the same time, the logic circuit 26
4, an output of "1" can be obtained.

On the other hand, the level matrix 27 has a ROM 271 that stores three types of data "00", "01", and "10" as card-specific parallel level information. and,
These data rooj are sent to the match circuit 261 via transfer gates 1 to 272, data "01" is sent to the match circuit 263 via transfer gates 273, and data "1" is sent to the match circuit 263 via transfer gates 273.
0” to match circuit 2 through transfer game 1-274.
62 each. Here, the 1-transfer gates 272, 273, and 274 are opened in response to the output of the counter 275. The counter 275 inputs the clock signal Φ and generates an output when the count value reaches a predetermined value n.

On the other hand, returning to FIG. 1, from the terminal side, power for card driving is applied to the Vcc terminal, and power for writing to the data memory 25 is applied to the Vpp terminal. The power supply voltage at this time is the answer-to-reset voltage stored in the data ROM12.
Set on the terminal side based on the data. Also, G
The GND line on the terminal side is connected to the ND terminal.

Further, the card operation signal is supplied to each circuit via a frequency divider 28 as Φ'.

Here, the relationship between such an IC card and the terminal to which the card is installed is simply described as follows. Now, when an IC card is inserted into a terminal, an initial setting signal set in advance on the terminal side is transmitted. Then, under the operating conditions based on this signal, I
C card is activated.

In other words, the data R is controlled by the main controller 17.
The answer-to-reset data stored in OM12 is read out and sent to the terminal side. and,
If this data is determined to be correct on the terminal side, the card-specific operating conditions are set and rEN
A QJ (makeshift) code will be sent back to you. This code is loaded into the working RAM 14 by 1. In this state, the main controller 17 determines whether or not the rENQJ code can be properly received through normal operation.
If YES from system program ROM15, “△C
In the case of KJ and No, the rNAcJ signals are extracted and sent to the terminal side. Then, on the terminal side, r
When the ACKJ signal is confirmed, a terminal code rTcJ, which varies depending on the type of terminal, is returned.

On the other hand, if the rNA'CJ signal is confirmed, the connection with the terminal is severed. When the terminal code rTCJ is sent from the terminal side, the application data RO is sent to the main controller 17 in the IC card.
The application name 1' A P N J, which differs depending on the type of card stored in M13, is taken out and sent back to the terminal side.

Thereafter, when it is determined on the terminal side whether or not the application types have a correspondence relationship based on rAPNJ, an instruction code is returned. On the other hand, if it is determined that there is no match,
The connection with the terminal is severed. When the command code is obtained in this way, the own authentication number rPINJ entered from the terminal is compared with the authentication number pre-stored in the IC card, and if the two match, information on subsequent financial transactions etc. The exchange will now take place.

Next, the operation of the embodiment configured as described above will be explained according to the flowchart shown in FIG.

First, test? Insert the IC card into the test terminal. Then, the I10 terminal of the IC card, R
The e5et terminal, clock@child, VCC terminal, ■ρp terminal, and GND terminal are connected to corresponding terminals on the terminal side.

This causes the process to proceed to step A1. In this step A1, it is determined whether or not the test program can be started. To do this, first, multi-channel signals with different levels are applied from the terminal side to the I10 terminal, the Re5et terminal, and the clock terminal. Specifically, when a test command is issued on the terminal side, three voltages with different levels, VCC, Vl,
V2 is output at the same time. In this case, V2 is Re5et
terminal, VCC is I/OJAW child, Vl is cl.

It is given to the ck terminal. Then, the level information "0" is obtained from "00" at the output terminal o1.02 of the level detector 23, and the level information "0" is obtained from the output terminal o1.02 of the level detector 24.
0] That is, level information "2" is obtained, and furthermore, rolJ, that is, level information r 1 J is detected at the output terminals o1 and o2 of the level detector 25. These level information are then given to matching circuits 261, 262, and 263 of the comparing section 26, respectively. That is, in this case, the output of the level detector 23 is sent to the matching circuit 261, the output of the level detector 24 is sent to the matching circuit 262, and the output of the level detector 25 is sent to the matching circuit 261.
63 respectively.

On the other hand, in the level matrix 27, a counter 275 counts the clock signal Φ from the terminal.

Then, when the count content of the counter 275 reaches n, an output is generated at the same timing as when the ternary multi-value signal is applied. Then, transfer gates 272, 273, and 274 are opened all at once, and RO
Data stored in M271 “OO”, “01”, “1”
o'' is used as level information by the matching circuit 26 of the comparing section 26.
1,262,263 respectively.

In this case, the data "00" is the coincidence circuit 261, the data "00" is
01” is the match circuit 263, data “1o” is the match circuit 2
62 respectively.

As a result, the matching circuits 261, 262, and 263 check whether the level information from the level detectors 23, 24, 25 matches the information from the level matrix 27. In this case, if a matching result is obtained in all the matching circuits 261, 262, and 263, a "1" output will be generated from the logic circuit 264, but if a 3rd signal is sent from the terminal due to an invalid program startup request. If the combination differs from the normal one, one of the matching circuits 261, 262, and 263 will not match, and the logic circuit 264 will continue to output "0".

The output of the logic circuit 264 in this state is sent to the main controller 17.

In this case, if the tertiary signal shown in FIG. 3 is input to each terminal, all of the matching circuits 261 to 263 will match, so that the logic circuit 264 will generate an output of "1". Then, it is determined that the request is a legitimate program activation request, and the process proceeds to step A2.

In step A2, the main controller 17 commands the terminal side to notify that the request has been accepted as a legitimate program startup request. In this state, a specific code for starting the program is sent from the terminal side and given to the code comparator 19.

On the other hand, a specific code written in the system program ROM 15 is read out according to a command from the main controller 17, and is given to the code comparator 19. Thereby, in step A3, the specific code from the terminal is compared with the specific code of the card itself. If the comparison results do not match, the process proceeds to step A5, where card invalidation processing is executed. In this case, card invalidation processing is performed by the data memory controller 18 after receiving a command from the main controller 17.
Address designation and data writing/reading with respect to the data memory 21 are completely stopped. On the other hand, if they match, the process proceeds to step A4, where the contents of the test program ROM 16 are read out, and it becomes possible to check the bit pattern of the system program ROM 15 in the card or access the data memory 21 on the terminal side.

However, if the combination of triad signals from the terminal differs from the normal one due to an unauthorized program activation request, one of the matching circuits 261 to 263 will not match. As a result, the output of the logic circuit 264 is "0"
If the request is left as is, it is determined that the request is an unauthorized activation request, and the process proceeds to step A5. Therefore, in the same way as described above, addressing and data writing/reading to and from the data memory 21 by the data memory controller 18 are completely stopped, and the card is invalidated.

Therefore, if you do this, you can reset the IC card.
Using the t, I/O, and clock terminals, a three-value signal is given to these terminals from the terminal side, and a combination of parallel level information based on the three direct signals is stored in advance inside the card. Since the program is allowed to start on the card only when the parallel level information matches the parallel level information, it is possible to easily test from outside the card using the test terminal as in the past. Compared to
It is possible to prevent a test program from being started illegally and to prevent attempts to extract highly confidential information to the outside. This makes it possible to reliably prevent counterfeiting of cards and technical analysis of the entire system, thereby dramatically improving card security.

It should be noted that the present invention is not limited to the above-mentioned embodiments, but can be implemented with appropriate modifications without changing the gist.

The data combination in the level matrix 27 described above is an example, and other data combinations may also be used. In this way, even cards using the same IC circuit can be used as cards using different IC circuits. In addition, in the above description, a tertiary signal is used throughout, but a signal with four or more values may be used, an analog signal may be used, and there is no limitation to the type or number of terminals used.

[Effects of the Invention] According to this invention, the unauthorized activation of the test program in the IC card is reliably prevented, and the risk of highly confidential information being inadvertently taken out to the outside is eliminated, so card forgery is prevented. Such problems can be reliably prevented, and card security can be dramatically improved.

[Brief explanation of drawings]

Fig. 1 is a block diagram showing the circuit configuration of an embodiment of the present invention, Fig. 2 is a circuit diagram showing a check circuit used in the embodiment, and Fig. 3 is a triad signal used in the embodiment. FIG. 4 is a flow chart for explaining the operation of the same embodiment. 15... System program ROM, 16... Test program ROM, 17... Main controller,
18...Data memory controller 1.21...Data memory, 22...Check circuit, 23.24.2
5... Level detector, 26... Comparison section, 261.2
62.263... Matching circuit, 264... Logic circuit,
27...Level matrix, 271...RO~1.
275...Counter.

Claims (2)

[Claims] (1) A combination of parallel level information based on these input signals by inputting signals of different levels to various terminals provided on an IC card and a combination of parallel level information stored in the card in advance. A test program starting method is characterized in that it is possible to start a test program only when these match. (2) The above IC card can be reset, I/O, clo
2. The test program starting method according to claim 1, wherein each terminal of the ck is used and three voltages of different levels are applied to these terminals.